Criptext is a free encrypted email service with open source apps for Windows, Linux, macOS, Android and iOS
Criptext is a free encrypted email service for Windows, Linux, macOS, Android and iOS. It has been around for a while, but I thought it may be worth looking into.
Before we get started, allow me to say that this article isn't about Criptext vs Protonmail, so we're not going to discuss which one's better. It's about what Criptext has to offer.
The applications for Criptext are open-source, but the servers are not. Then again, neither are Protonmail's. (Okay, I know I just said I won't compare the two, but this is the only time I do it in the article.)
There is something you should know about Criptext. It is not cloud-based like Gmail or Outlook; Criptext emails are not stored on servers permanently, they are only stored on your device using end-to-end encryption. It uses the Signal Protocol for this.
How does this work? According to the official documentation, Criptext passes the mail through their server for a moment and it's deleted once the mail is delivered. The only exception to this is when the message is un-deliverable; say when the recipient's device is offline. The email is stored on the server until it is delivered in this case. If it isn't delivered within 30 days, it's deleted from the server as well.
Criptext says that every email is encrypted with a unique key. Attachments are encrypted as well; they are stored on Criptext's Amazon Web Services servers, though the encryption keys for those are saved on user devices.
The important thing to note here is that the service only encrypts mails sent by one Criptext user to another. So, if you use it to send mails to other services (Gmail, Outlook, etc.), those will not be encrypted.
Tip: You can tell whether an email is encrypted or not by looking for the padlock icon. If it has one, it's encrypted.
How to sign up for Criptext
You need to install the desktop program or the mobile app and use it to sign up. Once you do, the application begins creating the encryption/decryption keys for your account on your device.
Note: While signing up for an account, you can optionally enter a recovery email address. This is only required to reset the password of your account.
Testing the sign in process
Since the account credentials part is not cloud-based, I wanted to see how I could sign in to an existing account on a new device. So, I disabled the internet on my laptop and tried to sign in to the same account on my phone. The mobile app prompted me to use the desktop client to approve the sign-in, but it did offer an option to sign in with my password. Because I was testing the service, I used the desktop app's approval method to sign in, and it synced the account to my phone. This was unusual, but it works fine.
Warning: Using a password to sign in will not sync the existing mailbox (from another device) to the new device. That's because the decryption keys for the older mails are stored on the other device.
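The two claims above (a unique key per email with attachment ciphertext kept on hosted storage, and old mail being unreadable on a device that never received the keys) can be modeled in a few lines. This is an added example, not Criptext's code: AES-256-GCM, the in-memory Map stores and every name in it are assumptions chosen for illustration.

```javascript
// Added illustration, not Criptext's code. AES-256-GCM stands in for the
// per-message encryption; a Map stands in for the hosted attachment store.
const crypto = require('node:crypto');

const blobStore = new Map();   // hypothetical server side: ciphertext only
const deviceKeys = new Map();  // hypothetical keystore on the sending device

// Encrypt one attachment under a fresh random key; only ciphertext is "uploaded".
function sendAttachment(id, plaintext) {
  const key = crypto.randomBytes(32);  // unique key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  blobStore.set(id, { iv, body, tag: cipher.getAuthTag() });
  deviceKeys.set(id, key);             // the key never leaves the device
  return key;
}

// Try to read a stored blob using the keys held in the given keystore.
function readAttachment(id, keystore) {
  const blob = blobStore.get(id);
  const key = keystore.get(id);
  if (!blob) return { ok: false, reason: 'no such blob' };
  if (!key) return { ok: false, reason: 'no key on this device' };
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    d.setAuthTag(blob.tag);
    const text = Buffer.concat([d.update(blob.body), d.final()]).toString();
    return { ok: true, text };
  } catch (err) {
    return { ok: false, reason: 'authentication failed' };  // blob was altered
  }
}

// Constructed sample data: the same file sent in two different emails.
const sample = Buffer.from('invoice.pdf bytes (constructed)');
const k1 = sendAttachment('msg-1', sample);
const k2 = sendAttachment('msg-2', sample);
const newDevice = new Map();  // signed in by password: no keys were synced
```

The storage side holds only `iv`, `body` and `tag`, so reading it without the device keystore yields nothing usable, and a modified blob is rejected rather than decrypted.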
Criptext's Special Features
Syncing the mailbox
Criptext syncs the mailbox between devices, so if you send an email from your phone, it will sync it to your desktop program's sent folder (and vice-versa). Incoming emails are delivered to all devices. You can use it to sync up to 10 devices. Attachments have a 25MB size-limit, but there are no limits for the number of attachments.
Unsend an email
You can unsend an email that you sent to a contact; you have up to 60 minutes for this. While I like the Unsend mail feature, I feel having a one-hour limit is a bit much. Also, this works only if the email has not been read already.
Email Tracking à la Read Receipts
Read receipts are supported in Criptext, i.e., you can tell when the recipient has opened your mail.
Frankly, I'm not a fan of this. The recipient deserves a bit of privacy too. Fortunately, you can turn off "Read Receipts" from the Settings. Doing so will also disable read receipts for mails that you send to others. I initially thought the mail service uses a header or something for this, but I'm quite certain that this feature is available because Criptext uses the Signal Protocol (which is intended for instant messaging).
You can back up your mailbox locally on the device or store it in the cloud manually. The backup is encrypted with a passphrase that you specify.
Enabling this will require you to enter the password on your next sign-in, and approve it from a device that you're already signed in to.
The reason I haven't reviewed the desktop mail client is that it's nothing special; it looks and functions like your average mail client.
On paper the service looks great; it's nice to have such privacy-friendly platforms. But with all that being said, I don't think Criptext is for casual users. Why? Well, it can't encrypt mails that you send to mail addresses belonging to other services. The privacy/security that encryption provides is its primary feature. So, unless you manage to convince people to shift to Criptext, you're probably not going to be using it every day. And that's not going to be easy, as people will opt for convenience over privacy, which is a sad story in itself.